Lucene search
K

11 matches found

NVD
NVD
added 2026/06/10 10:16 p.m.9 views

CVE-2026-45783

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS0.00354EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 9:9 p.m.10 views

EUVD-2026-36153

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 9:9 p.m.7 views

CVE-2026-45783 libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS5.4AI score0.00354EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/19 8:7 p.m.11 views

@libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

Summary An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted ke...

7.5CVSS5.9AI score0.00354EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/19 8:7 p.m.6 views

Improper Validation of Syntactic Correctness of Input

Overview @libp2p/kad-dht is a JavaScript implementation of the Kad-DHT for libp2p Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the verifyRecord function that leads to the unlimited message processing since rate limits are applied onl...

8.8CVSS5.8AI score0.00354EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/19 8:7 p.m.8 views

8004skill (>=1.1.0 <=2.0.0), @a3stack/identity (=0.2.0) +279 more potentially affected by CVE-2026-45783 via @libp2p/kad-dht (>=10.0.15 <=16.2.6-9eb27be79)

@libp2p/kad-dht NPM version =10.0.15, =1.1.0, =1.0.0, =1.0.0, =1.0.1, =1.3.0, =0.0.2, =1.1.3, =0.2.0, =0.0.0-test.0, =0.0.0-test.0, =0.7.2, =0.0.0-test.0, =4.0.0-nightly.20250907 and more Source cves: CVE-2026-45783 Source advisory: OSV:GHSA-32MQ-HPPH-XFVR...

7.5CVSS5.7AI score0.00354EPSS
Exploits0
OSV
OSV
added 2026/05/19 8:7 p.m.5 views

GHSA-32MQ-HPPH-XFVR @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

Summary An unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. No credentials, no prior relationship, and no protocol deviation beyond a crafted ke...

7.5CVSS5.9AI score0.00354EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.9 views

PT-2026-42028

Name of the Vulnerable Software and Affected Versions libp2p versions prior to 16.2.6 Description An unauthenticated remote peer can cause disk storage exhaustion on any @libp2p/kad-dht node operating in server mode. This occurs when an attacker sends an unbounded stream of PUT VALUE messages usi...

7.5CVSS5.5AI score0.00354EPSS
Exploits0References7
OSV
OSV
added 2024/10/25 6:30 p.m.10 views

GHSA-MQR9-HJR8-2M9W Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse

The Kademlia DHT go-libp2p-kad-dht 0.20.0 and earlier used in IPFS 0.18.1 and earlier assigns routing information for content i.e., information about who holds the content to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

5.3CVSS5AI score0.00201EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/10/25 12:0 a.m.3 views

go-libp2p-kad-dht 安全漏洞

go-libp2p-kad-dht is a distributed hash table algorithm in the libp2p open source. A security vulnerability exists in go-libp2p-kad-dht version 0.20.0 and earlier, which stems from a vulnerability that allows an attacker to hijack the content parsing process by generating a number of Sybil peers...

5.3CVSS6.7AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/10/25 12:0 a.m.12 views

CVE-2023-26248

The Kademlia DHT go-libp2p-kad-dht 0.20.0 and earlier used in IPFS 0.18.1 and earlier assigns routing information for content i.e., information about who holds the content to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

6.5AI score0.00201EPSS
Exploits0References2
Rows per page
Query Builder